Articles in this section

How to block user-agents in Plesk Control Panel on Windows?

Rangel Sardinha
Updated
kb: how-to

Question

How to block user-agents in Plesk Control Panel on Windows?

Answer

Choose a method that suites you most:

 

Using Filtering Rules on IIS

To block these agents on IIS use the following steps:

  • Open the IIS Manager
  • Navigate to the level that you want to block the request (use the top level to apply it to the entire server)
  • Click on Request Filtering (in IIS part)
  • Click on the Filters Tab, then click on Add filtering rule... in the Action panel on the right
  • Configure the tab as follows:
    • Define a name for the rule, in this example is "user-agent"
    • In the Scan Header field, add the value "user-agent"
    • In the Deny Strings field, add the values of the user-agents that must be blocked, one per line. In the example, is blocking the user-agents "hello" and "world"

    • You should add closer to this: 

  • Press OK and make a non-redirect following query with a specified user agent. Now it will return 404:
  • Add the following configuration (where hello, world and helloworld are case-insensitive:

    # curl -Ik 10.69.45.153:8880 -A hello
    HTTP/1.1 404 Not Found
    Content-Length: 929
    Content-Type: text/html
    Server: Microsoft-IIS/10.0
    X-Powered-By: ASP.NET
    X-Content-Type-Options: nosniff
    Date: Tue, 25 Mar 2025 14:47:08 GMT
    Connection: close

Using URL Rewriting Rules
To create a persistent rule in IIS on URL Rewriting, use the following steps:
  1. Open IIS Manager (inetmgr).
  2. Select the Server Node (not a specific site).
  3. Open URL Rewrite.
  4. Click “Add Rules…” on the right.
  5. Choose Blank Rule under “Inbound Rules”.
  6. Click Edit… under “Conditions”.
  7. Click Add and configure:
    • Name: Define a name for the rule, like "Block user-agent"
    • Pattern: use ".*" to get all request (without the quotes)
    • Condition Input: {HTTP_USER_AGENT}
    • Check if the input string: “Matches the Pattern”
    • Pattern: ".*(badbot|malicious-agent|exploit-scanner|hello|world).*" (Replace with actual user-agents and without the quotes)
  8. Click OK.
  9. In Action, select “Abort Request”.
  10. Click Apply and make a non-redirect following query with a specified user agent. Now it will return error aborting the connection:

    # curl -Ik 10.69.45.153:8880 -A world
    curl: (56) Recv failure: Connection reset by peer

 
This solution is persistent across Plesk updates. It affects all IIS-hosted sites, including the Plesk Panel. It does not rely on web.config, which Plesk modifies.
Alternatively, if you prefer to edit the file manually, you can add the following content to file C:\Windows\System32\inetsrv\config\applicationHost.config inside <system.webServer> after line that starts with <proxy enabled="true"...:

CONFIGTEXT: <rewrite>
    <rules>
        <rule name="Block Bad User-Agents" stopProcessing="true">
            <match url=".*" />
            <conditions>
                <add input="{HTTP_USER_AGENT}" pattern=".*(badbot|malicious-agent|exploit-scanner|hello|world).*" />
          </conditions>
            <action type="AbortRequest" />
      </rule>
    </rules>
</rewrite>

It will provide the same effect as the solution proposed above.

Was this article helpful?

Comments

0 comments

Please sign in to leave a comment.